Security Basics mailing list archives
Re: IP to MAC mapping
From: "Shanon" <liquid_nitrogen79 () hotmail com>
Date: Thu, 28 Nov 2002 11:10:37 +0530
If you have linux box you can also try this simple perl script #!/usr/bin/perl $pid=fork(); if($pid>0){die "Forked";} else { while (1) { open(FileHND,"/proc/net/arp"); open(LogHND,">>$ARGV[0]") if $ARGV[0]; open(LogHND,">>&STDOUT") if !$ARGV[0]; while(<FileHND>) { @array = split(/\s+/); if($array[0] =~ /^\d/){ if($list{$array[0]} && ($list{$array[0]} ne $array[3])) { print LogHND ("ARP Address $array[0] changed from $list{$array[0]} to $array[3]\n") ; } elsif($list{$array[0]} ne $array[3]) { print LogHND "Adding $array[0]\n" if $ARGV[1] ne silent; $list{$array[0]} = $array[3]; }} } close(FileHND); sleep 3; } } ----- Original Message ----- From: "Burton M. Strauss III" <bstrauss3 () attbi com> To: <security-basics () securityfocus com> Cc: "Johan Denoyer" <jdenoy () digital-connexion info> Sent: Friday, November 22, 2002 6:19 PM Subject: RE: IP to MAC mapping
Understand that most OSes (perhaps not windows, but I wouldn't put it past having a registry key somewhere) allow you to set the MAC address to anything you want it to be... So all you would find would be casual crashers... Set up a small Linux or *nix box and use arpwatch - it's a daemon that monitors the network and can email you with changes. -----Burton -----Original Message----- From: Johan Denoyer [mailto:jdenoy () digital-connexion info] Sent: Wednesday, November 20, 2002 11:50 AM To: security-basics () securityfocus com Subject: IP to MAC mapping Hi, we are currently looking into illegal usage of a protected network. We are managing a class C network, and we would like to be able to detect illegal usage of the network by finding the MAC address of the ip address used and then checking it against a database. Now I would like to find a software or a perl scrip that would do the
work.
(The budget that we have is 0$, so freeware is likely to be the solution) I have tried doing searches using google without any luck. If anyone uses such software, please tell me which one, and where I can find it. Thanks, Salutations, Johan Denoyer jdenoy () digital-connexion info Digital Connexion http://www.digital-connexion.info PGP : 0x57A6727B
Attachment:
arp.pl
Description:
Current thread:
- IP to MAC mapping Johan Denoyer (Nov 22)
- RE: IP to MAC mapping Ian Lyte (Nov 25)
- RE: IP to MAC mapping Vytautas Kaziukonis (Nov 26)
- Re: IP to MAC mapping _rAt_ (Nov 26)
- Re: IP to MAC mapping Richard Westlake (Nov 25)
- RE: IP to MAC mapping Burton M. Strauss III (Nov 25)
- Re: IP to MAC mapping Shanon (Nov 28)
- RE: IP to MAC mapping Seth Connolly (Nov 25)
- Re: IP to MAC mapping Jon (Nov 25)
- Re: IP to MAC mapping Devdas Bhagat (Nov 25)
- Re: IP to MAC mapping Robert Hogan (Nov 26)
- Message not available
- Re: IP to MAC mapping Devdas Bhagat (Nov 26)
- Enforcing IE not cache usr/passwords and parsing the current cache Mark (fat) (Nov 28)
- RE: IP to MAC mapping Ian Lyte (Nov 25)
- RE: IP to MAC mapping Steinar Skjelanger (Nov 27)
- <Possible follow-ups>
- RE: IP to MAC mapping Wolf, Glenn (Nov 25)